IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Transfer Clustered Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand. (CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, & CVE-2016-0702)

OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM Aspera Transfer Clustered Manager, IBM Aspera faspex on Demand, IBM Aspera Server on Demand, IBM Aspera Application Platform on Demand, and IBM Aspera Azure on Demand. The named applications referenced above have addressed the applicable CVEs.

CVE(s): CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0702

Affected product(s) and affected version(s):

IBM Aspera Transfer Clustered Manager 3.6.0 or earlier
IBM Aspera faspex on Demand 3.6.0 or earlier
IBM Aspera Server on Demand 3.6.0 or earlier
IBM Aspera Application Platform on Demand 3.6.0 or earlier
IBM Aspera Azure on Demand 3.5.6 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2BmTzOy
X-Force Database: http://ift.tt/1Tg5wqO
X-Force Database: http://ift.tt/1N2N4p3
X-Force Database: http://ift.tt/1Tg5wqQ
X-Force Database: http://ift.tt/1Tg5v6h

The post IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Transfer Clustered Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand. (CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, & CVE-2016-0702) appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team http://ift.tt/2j42m1h